FirstPass
Chrome Web Store listing is coming soon. Stay tuned.

Last updated: June 3, 2026

Privacy Policy

1. Overview

This Privacy Policy explains how FirstPass ("we", "us") collects and uses information when you use our website and browser extension.

2. Information we collect

Website: If you contact us, we receive the information you submit (name, email address, message). Basic analytics may be collected by our hosting provider (e.g. Vercel) as described in their documentation.

Extension: Verification settings, API key references, and verification cache are stored locally in your browser unless a feature explicitly syncs data to a service you connect (such as Google Sheets). For a short period, hashed records of emails our system has already processed—marked as valid, invalid, or another verification result—may be retained on your device to improve system efficiency (for example to avoid repeat API calls). Those records use hashed email identifiers plus the verification outcome, not plaintext addresses.

Payments: When you purchase a subscription, payment and billing data are collected and processed by Paddle as Merchant of Record. We do not store full payment card numbers on our servers.

3. How we use information

To provide and improve the Service, respond to support requests, process subscriptions, prevent abuse, and comply with legal obligations.

We do not sell your personal information.

4. Email lists and verification data

Email addresses you verify are processed to deliver the Service. You control what lists you upload. Do not submit personal data you are not authorized to process.

You are responsible for providing any required notices and obtaining consents from data subjects under applicable privacy laws.

To improve efficiency, the FirstPass extension may temporarily store hashed records of emails that have been processed through our verification system—each record is tied to the result our system assigned, such as valid, invalid, risky, or unknown.

These hashed records are not raw uploads of your list. They refer only to addresses that have already been checked, together with their verification status, kept for a short duration (such as in a local cache you can clear in settings) so the system can work faster and avoid unnecessary repeat checks.

For your privacy, the email in each record is stored only in hashed form—a one-way cryptographic hash of the address, not the readable email—so the exact address cannot be recovered from those stored entries alone. This applies whether the processed result was valid or invalid.

While you are actively working in the extension, addresses may appear in the interface for your current session. Plaintext addresses are also sent to third-party verification APIs when you run a check, as described in Section 5.

5. Email verification APIs (user-configured)

When you run a verification, the extension sends email addresses directly from your browser to the third-party verification APIs you configure and enable (for example MillionVerifier, ZeroBounce, NeverBounce, DeBounce, Hunter, and other supported providers).

FirstPass does not route those requests through our servers and does not receive or store your email lists on FirstPass infrastructure. Your provider API keys are stored locally in your browser.

Each verification provider processes data under its own privacy policy and terms. You choose which providers to connect and should review their policies before use.

6. Sharing

We may share information with service providers who help us operate the Service (hosting, payment processing via Paddle, email support), subject to appropriate safeguards.

We may disclose information if required by law or to protect our rights and users.

7. Retention and security

Hashed records of processed emails (valid, invalid, and other verification outcomes) on your device are kept only for a short duration needed for system efficiency (by default, up to the cache period configured in the extension, after which they expire or can be cleared).

We retain other information only as long as needed for the purposes described above or as required by law.

We use reasonable technical and organizational measures to protect data, including hashed storage of retained emails, but no method of transmission or storage is 100% secure.

8. Your rights

Depending on your location, you may have rights to access, correct, delete, or restrict processing of your personal data. Contact us at the email below to make a request.

9. Children

The Service is not directed to children under 16, and we do not knowingly collect their personal information.

10. Contact

Privacy inquiries: abubakar.orbits@gmail.com.

← Back to home